A first problem addressed by the present invention is providing a user with objective information about a network resource:
Users connect to a network—such as the Internet, a public switched telephone network (PSTN), or a cellular (mobile) telephony network—through a user-controlled network-connective client device—such as a personal computer, telephone, or cell (mobile) phone. The user has an interface to the device—such as a web browser application, phone display, or man-machine interface.
For the purposes of this background discussion, we will focus on a connection to a popular type of network resource: a web site. The user's client device receives content, called a web page, from the web site and displays it in the web browser. The web page may include elements with content and characteristics called “objects”, which in the context of the present invention can include text blocks, pictures, video clips, hyperlinks to other pages, editable fields, user-selected options, sub-pages (usually called “frames” in the art) that may themselves contain one or more objects, program code, or pointers to, and parameters for, programs to run on the client device etc.
An object may be retrieved by the web browser by connecting to a web site and receiving data from it concerning the object. The data could include instructions for adding more objects to the display by retrieving their data from the same site as the original object or from a different site. The user's client device typically includes an input device (keyboard, pen, mouse etc.) whereby he may interact with an object. For example, he might add characters to an input object, select one or more items in a selection object, select a file from his client device for transmission, use a microphone and/or a camera attached to his client device to generate a voice, video or multimedia clip for transmission, use a token to generate data for transmission, etc.
The data sent by the web browser has a destination that is defined (implicitly or explicitly) by the object that enables the data to be submitted. Since there are various addressing and name-masking schemes (e.g., aliases, re-direction, and encoded addresses), it is impossible for the user, using only the information available to him from the web browser, to determine with confidence the target he is transmitting to, the legitimacy of the target, the owner of the target, the physical location of the target, and whether the target really is intended for the purpose presented in the web browser or implied by the target address e.g., YourSaveSiteBank.
In addition, even where the site ownership appears to be legitimate, the user still needs to determine whether the site is an inappropriate target to transmit sensitive data to.
In addition, the user is rarely able to determine whether his transmission is done in a manner that ensures only the authenticated target receives the information. While certificates exist for this purpose, the user needs a way to check the certificate's validity.
In summary, users are confronted with many combinations and permutations of seemingly easy-to-respond formats with reassuring text and most users are unable to detect untrustworthy targets. And even if the user knew how to obtain information about a suspect target, the user would not be sure how to use that highly technical information.
The present invention provides innovative filters, a rating algorithm, and a database that combine to provide the user with easy-to-understand information about a network resource, enabling them to comfortably proceed or abort the connection or communication.
An example of the need for the present invention can be seen in the case where encrypted confidential information is sent between an e-commerce server implemented as a web server and a browser device. The most common encryption protocol is the Secure Sockets Layer (SSL). This protocol requires a certificate issued for the server to be used. The certificate details are sent to the client and when the browser verifies the certificate, a lock icon is displayed in the browser.
However, it is not enough that the session is secure. The present invention answers the user's need to verify that the certificate for the session was issued by a trusted certificate authority, that the certificate belongs to the company that owns the server, and that this company meets security and commercial standards so that the user should feel safe to send the information to it.
Another example of the need for the present invention involves unauthorized extraction of personal information, also referred to as “phishing”. There are many ways used by web sites to convince naive people to disclose information about themselves. For example:
   the site uses pages that look like the pages used by a trusted resource
   the site owner might surreptitiously execute a program on the user's machine, where the program transmits to the server the keystrokes pressed by the user without the user's knowledge
   the site might have a name similar to that of a real site (like “micrusoft.com” instead of “microsoft.com”)
Users must manually verify that none of these phishing strategies are being used against them when they enter their confidential information and submit it to the web server.
The present invention solves the problem, providing the user with enough information to decide whether to trust the e-commerce server (trust-related information). The present invention provides a program on the user's device that watches all the web pages accessed by the user and detects situations where the user is sending confidential information to a site that may misuse it.
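As an added illustration (not code from the patent), the Python sketch below shows one check a page-watching program of this kind could make: resolve where each form on a page will actually submit, and flag forms that send password-like fields to a different host or without HTTPS. The hint list, the sample page and the host names are constructed for the example.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Name fragments treated as confidential: an assumption of this sketch.
SENSITIVE_HINTS = ("pass", "pin", "ssn", "card", "account")

class FormTargets(HTMLParser):
    """Collect <base href>, each form's action, and its sensitive input names."""
    def __init__(self):
        super().__init__()
        self.base, self.forms = None, []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "base" and a.get("href") and self.base is None:
            self.base = a["href"]
        elif tag == "form":
            self.forms.append({"action": a.get("action") or "", "fields": []})
        elif tag == "input" and self.forms:
            name = (a.get("name") or "").lower()
            is_password = (a.get("type") or "").lower() == "password"
            if is_password or any(h in name for h in SENSITIVE_HINTS):
                self.forms[-1]["fields"].append(name)

def audit_forms(page_url, html):
    """Return (target, fields, reasons) for forms leaking sensitive fields."""
    parser = FormTargets()
    parser.feed(html)
    base = urljoin(page_url, parser.base) if parser.base else page_url
    page_host = urlsplit(page_url).hostname
    findings = []
    for form in parser.forms:
        if not form["fields"]:
            continue
        # An empty action submits to the page's own URL, not to <base>.
        dest = urljoin(base, form["action"]) if form["action"] else page_url
        target = urlsplit(dest)
        checks = (("different-host", target.hostname != page_host),
                  ("not-https", target.scheme != "https"))
        reasons = [label for label, failed in checks if failed]
        if reasons:
            findings.append((dest, form["fields"], reasons))
    return findings

# Constructed sample: the page is served by bank.example, the login form posts elsewhere.
SAMPLE = """<html><head><base href="http://collector.example/in/"></head><body>
<form action="login.php" method="post">
<input name="user"><input type="password" name="pw"></form>
<form action="/search"><input name="q"></form></body></html>"""
```

Calling `audit_forms("https://bank.example/login", SAMPLE)` reports the login form only; the search form carries no sensitive field and is ignored.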
A second problem addressed by the present invention is monitoring a user's networked device for unintended transmission of confidential data:
Users frequently transmit confidential information (passport number, social security number, bank account, PIN etc.) from their network-connective client devices to network resources. A user may not be aware that the network resource is an unauthorized destination. For example, when a user buys new software he is asked to register. The registration can be via electronic form (like email), via fax, printing a document and mailing it etc. If the registration form has fields like driver license number, social security number, date of birth, and the like, the naive user may fill it in and send it while being unaware of the consequences that may result.
The present invention provides pertinent information to help the user decide whether or not to proceed in transmitting confidential information to network resources, in particular when filling in forms that may be transmitted to entities for purposes other than the purpose for which the information was intended by the user, by adding a program on the user's device that watches the user's data entry activities (like typing data or sending data to other network resources) and detects situations where the confidential information may be sent to a network resource that might misuse it. The program can also scan the user's machine and storage devices for the existence of confidential information and help protect that information from being leaked.
A third problem addressed by the present invention is verifying the identity of a voice or messaging recipient:
When a user wants to send a message through a public service (electronic mail, fax, short message, instant message, multimedia message etc.) or he tries to establish a voice and/or data session—the sender or session initiator uses an address that he thinks belongs to the recipient. The address can be a telephone number, network address (like TCP/IP address), nickname used by the recipient in a global service, electronic mail address, etc. In many cases if the sender had known the real address and its owner he would not have sent the message. Sometimes the address includes a subtle typing error that fools the sender (the “microsoft” vs. “micrusoft” example), sometimes the interpretation of the address by the user is wrong, sometimes the address is an alias to a different address that was sent in order to confuse the sender, and sometimes the cost of sending the message to the address is high and if the user had known that he would not have sent it.
The invention uses directory servers to find the owner of the address and, when needed, more details about the owner—for example, whether it is a company or an individual, where he/it is located, whether there are reports about the owner (e.g., better business bureau reports) etc.
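The “microsoft” vs. “micrusoft” case mentioned above, for both site names and recipient addresses, can be caught by measuring edit distance against a list of names the user already trusts. The following Python sketch is an added example, not the patent's method; the allow-list, the distance threshold and the two-label notion of a registered name are assumptions.

```python
# Constructed allow-list for this sketch; a real one would come from the user's trusted sites.
TRUSTED = ("microsoft.com", "example-bank.com")

def osa_distance(a, b):
    """Optimal string alignment distance: insert, delete, substitute, adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i in range(1, len(a) + 1):
        cur = [i] + [0] * len(b)
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent transposition, e.g. "mircosoft" for "microsoft".
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                cur[j] = min(cur[j], prev2[j - 2] + 1)
        prev2, prev = prev, cur
    return prev[len(b)]

def registered_name(host):
    """Last two labels of the host; assumes a one-label suffix such as .com."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def classify(host, trusted=TRUSTED, max_dist=2):
    """Return ('trusted' | 'lookalike' | 'unknown', closest trusted name or None)."""
    name = registered_name(host)
    if name in trusted:
        return ("trusted", name)
    best = min(trusted, key=lambda t: osa_distance(name, t))
    if osa_distance(name, best) <= max_dist:
        return ("lookalike", best)
    return ("unknown", None)

if __name__ == "__main__":
    for h in ("login.microsoft.com", "www.micrusoft.com", "mircosoft.com", "wikipedia.org"):
        print(h, classify(h))
```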
Currently the label “phishing” is being used for extracting information using web browsers. Web “phishing” is a threat that occurs when a user gets a link to set his web browser to a page in a site which was designed to receive from him proprietary information. The site usually looks like the real site but it is either a proxy (performing a man-in-the-middle function) or a fake site that can read all the data sent to the site by the user, including user name and password, credit card details, social security number, PIN, billing address etc. Some sites even use a combination of web pages, applications and users who manually execute functions that give them one-time access to an account over the web. If the user uses a common web browser to connect to the Internet and follows the link, he might either provide confidential or private information or give others login access to a restricted application.
Current solutions verify the legitimacy of a site based on the following:
Blacklists used to notify and block access: When a phishing message or a phishing site is detected they are added to a black list so that users may not get there. Firewalls and anti-spam software detect the messages or the connections to the phishing sites and stop them.
Education and guidelines: Users are requested to use manual algorithms and their acquired knowledge to manually detect a phishing message or a phishing site.
There are cases where, when a user sends a message or initiates a session, the information about the recipient is displayed on the sending machine. These solutions usually use “non-verified” information about the recipient's identity, meaning that the identity is not verified. There is no systematic method that checks the unverified information.
US Patent Application 20040123157, METHOD, SYSTEM, AND COMPUTER PROGRAM PRODUCT FOR SECURITY WITHIN A GLOBAL COMPUTER NETWORK, by Alagna et al. (2004) provides an information handling system that attempts to determine two things concerning a resource within a global computer network:
   whether the resource is likely being misrepresented as a trusted resource
   whether the resource is a known trusted resource.
Alagna's invention is summarized in the following list:
a) determines the level of trust that can be assigned to a web site address and to addresses pointed to by the web site, including hyperlinks
b) detects fields in the web site that include patterns of text or fields for requesting that a user provide sensitive data (for example, credit card details, bank account details, financial information)
c) determines properties of the web site and the web page (e.g. its size, its age, its layout, number of hyperlinks)
d) submits data to the web site and analyzes the results in order to determine if the site is a phishing site
With reference to the preceding list, the present invention compares with Alagna's invention as follows:
a) Similarity: Both inventions maintain an internal database of known trusted and known untrusted web sites. Some of the data is received from external resources (for example, the site bizrate.com).
   Difference: Our invention uses different methods to automatically determine which sites are trusted and untrusted. The main method is maintaining what we refer to as the “calling ID” of a site. The calling ID includes information like the location of the server, location of the owner, commercial details about the owner (type of organization, number of employees, income, financial status, year established, field of business etc.), and outsiders' ratings of the owner (financial or technology analysts' ratings, customer satisfaction ratings, regulatory authorities' ratings etc.).
   We also use methods for detecting untrusted sites. For example, we check whether the site protects confidential information (like credit card numbers). If we determine that we can obtain unauthorized access to such information, we lower the site's trust rating.
b) We do not claim novelty in detecting such fields.
c) We do not claim novelty in determining such properties.
d) We use an innovative and unanticipated method of sending information to the network resource (e.g., web site) and analyzing the result. When a password-protected web site is not known to be trusted, our invention provides the option to send deliberately incorrect login information to check whether the web site accepts the information. If it does, this is a strong indicator that the web site is not to be trusted.